Re: [Module-build-general] signature verification and some bug fixes
Status: Beta
Brought to you by:
kwilliams
Menu
▾
▴
Re: [Module-build-general] signature verification and some bug fixes
|
From: Ken W. <ke...@ma...> - 2003-07-03 19:49:16
|
On Thursday, July 3, 2003, at 02:25 PM, Dave Rolsky wrote: > Oops, I was wrong. It respects your MANIFEST.SKIP file. But that > _would_ > need to be included in the released distro, which is probably worth > noting > somewhere in the docs. I think maybe the right thing to do would be to check somewhere in new() for the presence of a SIGNATURE file, and for whether Module::Signature is available, and if so, to attempt to verify the signature. This would (typically) happen before any other files got created, so it should generally work. However, the REAL right time to do it is BEFORE running the Build.PL file, obviously - if you're already running scripts you downloaded off the net, it's a little late to be checking signatures! So I'm thinking we might want to not support this at all, on general principle. -Ken |
